DROWN is a newly disclosed attack that endangers encrypted connections between client and server. Affected, though not exclusively, are websites and webmail services protected by HTTPS/TLS that run OpenSSL. A fix is already available.
More than 11 million websites and webmail services that use TLS (Transport Layer Security) are potentially vulnerable to a new low-cost attack that can decrypt their traffic in a matter of hours and, in some cases, almost instantly. Of the million most popular websites, security researchers warn, about 81,000 are vulnerable to the new attack, known as DROWN, which works against HTTPS sites that are normally considered safe.
The attack works against TLS connections whose key exchange relies on the RSA cryptosystem when the server's RSA key is exposed, even indirectly, through the obsolete SSLv2 protocol (the predecessor of TLS). An attacker who has captured a TLS connection makes many SSLv2 connections to a server that holds the same RSA key; each SSLv2 handshake attempt leaks a few bits of information about the RSA-encrypted secret, and after enough attempts the attacker recovers the secret that protects the captured TLS session.
Although many security experts believed that removing SSLv2 support from browsers and e-mail clients would be enough to prevent abuse of the old protocol, some poorly configured TLS server implementations will still accept an SSLv2 connection when a client asks for the old protocol. The most prominent case is OpenSSL, which corrected the flaw disclosed in recent days with a critical update released on Tuesday.
Recent Internet-wide scans showed that more than 5.9 million web servers, 17% of all HTTPS-protected servers, directly support SSLv2, along with almost 1 million TLS-protected e-mail servers. That is worrying for a protocol from the early 1990s whose disabling has been requested repeatedly for security reasons. Even more worrying is how the new exploit can be carried out.
A server that does not allow SSLv2 connections can still be attacked if its RSA key is reused on a separate server that does support the protocol. The researchers note that even a site that prohibits SSLv2 may be vulnerable if the key used for its connections is also installed on an e-mail server that accepts SSLv2.
For this reason the researchers estimate that about 11.5 million HTTPS-protected sites may be vulnerable to DROWN, along with a significant number of TLS-protected e-mail servers. As noted above, the TLS implementation most widely exposed to DROWN is OpenSSL. Its recent versions do not enable SSLv2 by default, but administrators in some cases override those settings in an attempt to optimise applications such as Apache and Nginx.
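The cross-host case described above is the part practitioners most often miss: a host that refuses SSLv2 is still exposed if any other host with the same RSA key accepts it. The following is an added example (not code from the article or from the DROWN researchers' tool) that applies that rule to a scan inventory. It assumes each endpoint has already been scanned and recorded as host, port, whether an SSLv2 handshake succeeded, and the SHA-256 fingerprint of the certificate's SubjectPublicKeyInfo (the output of `openssl x509 -in cert.pem -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -sha256`); the inventory in the block is constructed sample data.

```python
"""Cross-host DROWN exposure check over a scan inventory.

Added example, not code from the article or from the DROWN researchers.
Assumptions not in the article: every TLS endpoint has already been scanned
and recorded as (host, port, accepts_sslv2, spki_sha256).  The fingerprint is
the SHA-256 of the DER SubjectPublicKeyInfo, so it identifies the RSA key
independently of the certificate wrapping it.  SAMPLE_INVENTORY is constructed
sample data.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Endpoint:
    host: str
    port: int
    accepts_sslv2: bool  # an SSLv2 handshake with this endpoint succeeded
    spki_sha256: str     # fingerprint of the RSA public key it presented

    @property
    def name(self) -> str:
        return f"{self.host}:{self.port}"


# Constructed sample inventory (fingerprints shortened for readability).
SAMPLE_INVENTORY = [
    Endpoint("www.example.com", 443, False, "a1a1a1"),    # refuses SSLv2 ...
    Endpoint("mail.example.com", 25, True, "a1a1a1"),     # ... but same key here
    Endpoint("mail.example.com", 993, False, "a1a1a1"),
    Endpoint("shop.example.com", 443, False, "b2b2b2"),   # unique key, no SSLv2
    Endpoint("legacy.example.com", 443, True, "c3c3c3"),  # speaks SSLv2 itself
]


def drown_exposure(inventory):
    """Map 'host:port' -> reason for every endpoint an attacker could target.

    An endpoint is exposed if (a) it accepts SSLv2 itself, or (b) it refuses
    SSLv2 but presents the same RSA key as an endpoint that accepts it: the
    SSLv2 server then serves as the decryption oracle for TLS sessions
    captured from the other one.
    """
    by_key = defaultdict(list)
    for ep in inventory:
        by_key[ep.spki_sha256].append(ep)

    exposed = {}
    for ep in inventory:
        if ep.accepts_sslv2:
            exposed[ep.name] = "accepts SSLv2 directly"
            continue
        oracles = [o.name for o in by_key[ep.spki_sha256] if o.accepts_sslv2]
        if oracles:
            exposed[ep.name] = ("shares RSA key with SSLv2 server(s): "
                                + ", ".join(oracles))
    return exposed


def oracles_to_close(inventory):
    """Sorted 'host:port' list of the SSLv2 endpoints that must be fixed.

    Disabling SSLv2 on exactly these endpoints (or giving them keys of their
    own) removes every entry that drown_exposure() reports.
    """
    return sorted(ep.name for ep in inventory if ep.accepts_sslv2)


if __name__ == "__main__":
    for name, why in drown_exposure(SAMPLE_INVENTORY).items():
        print(f"{name:24} {why}")
    print("disable SSLv2 on:", ", ".join(oracles_to_close(SAMPLE_INVENTORY)))
```

Two caveats on producing the input. The SSLv2 column cannot be filled with a current OpenSSL build, because `openssl s_client -ssl2` only exists when the library was compiled with SSLv2 support, which is one reason the researchers' online scanner is convenient. Once an oracle host is found, disabling SSLv2 there is a one-line change (`SSLProtocol all -SSLv2 -SSLv3` for Apache, `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` for Nginx) on top of upgrading OpenSSL itself.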
The update takes a more drastic approach: SSLv2 is now disabled at build time, so it is all but impossible to enable SSLv2 connections without explicitly opting in. The patch also removes the protocol's export-grade cipher suites, which were considered too weak and made the DROWN attack possible. These are encryption technologies that were deliberately weakened in the 1990s, at the request of the US government, so that they could be easily broken.
Servers that rely on OpenSSL should install the latest patched releases, 1.0.2g or 1.0.1s, as soon as possible. Servers based on Microsoft IIS 7.0 or later, or on NSS 3.13 or later, should already have SSLv2 disabled by default; those still running older versions should install the latest updates. The researchers who discovered the attack have also released a tool (which can be found on this page) to check whether your website is vulnerable to DROWN.